Insert a rule: the rule is inserted at position 5 of the INPUT chain. Because rules are executed in order, a rule that opens a port must be placed in front of the other rules relating to that port.

2) Delete a rule

iptables -D INPUT num

num is the rule number.

3) View the rules

/etc/init.d/iptables status

Or

iptables -L

4) Save changes

/etc/init.d/iptables save

http://blog.chinaunix.net/uid-26495963-id-3279216.html

http://www.linuxso.com/linuxpeixun/10332.html

Firewall policy is generally divided into two types: one is called a "pass" policy, the other a "blocking" policy. Under a pass policy the door is closed by default, so it is necessary to define who can enter. Under a blocking policy the door is open, but you must authenticate, otherwise you cannot enter. So we have to define what may come in and what may go out: pass means passing everything, while blocking is selective. When we define a policy, we need to define more than one function: the policy of which packets are allowed or not allowed is the filter function, while address translation is defined by the NAT option. So that these functions can work in alternation, the notion of a "table" was worked out, to define and distinguish between the various job functions and ways of handling packets.

iptables/netfilter (the software) works in user space. It makes rules take effect; it is not a service in itself, and a rule is effective immediately. iptables has now been packaged as a service that you can start and stop. On start, the rules enter into force directly; on stop, the rules are revoked.

iptables supports custom (user-defined) chains. But a user-defined chain must be associated with a particular chain. A setting at one checkpoint specifies that when data arrives it goes to a particular chain, and when that chain has finished, it returns. Checking then continues in the particular chain.

Note: the order of the rules is critical. The stricter a rule is, the closer to the front it should be placed, because rules are checked from the top down.
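The ordering note and the custom-chain paragraph above can be seen together in a small model of chain traversal. This is an added example, not code from the original page or from iptables itself; the ruleset, the packets, the chain name WEB and all function names are constructed for illustration.

```python
# Simplified model of chain traversal. Rule = (match_dict, target); target is ACCEPT, DROP or a chain name.

def evaluate(chains, policy, chain, pkt, top=True):
    """Walk one chain top-down; the first matching terminating rule decides."""
    for match, target in chains[chain]:
        if any(pkt.get(k) != v for k, v in match.items()):
            continue                      # rule does not match, try the next one
        if target in ("ACCEPT", "DROP"):
            return target                 # terminating target: later rules never run
        verdict = evaluate(chains, policy, target, pkt, top=False)  # jump
        if verdict:
            return verdict                # the user-defined chain decided
        # user-defined chain fell off its end: resume here with the next rule
    return policy[chain] if top else None # end of built-in chain -> default policy

def insert(chains, chain, num, rule):     # models: iptables -I <chain> <num> ...
    chains[chain].insert(num - 1, rule)

def delete(chains, chain, num):           # models: iptables -D <chain> <num>
    del chains[chain][num - 1]

def sample_ruleset():
    """Constructed ruleset: four ACCEPT rules, then a catch-all DROP at position 5."""
    chains = {"INPUT": [
        ({"state": "ESTABLISHED"}, "ACCEPT"),
        ({"proto": "icmp"}, "ACCEPT"),
        ({"iface": "lo"}, "ACCEPT"),
        ({"proto": "tcp", "dport": 22}, "ACCEPT"),
        ({}, "DROP"),                     # empty match = matches every packet
    ]}
    return chains, {"INPUT": "DROP"}

HTTP = {"proto": "tcp", "dport": 80, "src": "198.51.100.7"}   # constructed packet
OPEN_80 = ({"proto": "tcp", "dport": 80}, "ACCEPT")

def verdict_when_http_rule_at(num):
    chains, policy = sample_ruleset()
    insert(chains, "INPUT", num, OPEN_80)
    return evaluate(chains, policy, "INPUT", HTTP)

def verdicts_with_custom_chain():
    chains, policy = sample_ruleset()
    chains["WEB"] = [({"src": "203.0.113.9"}, "DROP"), ({"dport": 80}, "ACCEPT")]
    insert(chains, "INPUT", 5, ({"proto": "tcp"}, "WEB"))  # jump to hypothetical chain WEB
    pkts = [HTTP, dict(HTTP, src="203.0.113.9"), dict(HTTP, dport=8080)]
    return [evaluate(chains, policy, "INPUT", p) for p in pkts]

if __name__ == "__main__":
    print(verdict_when_http_rule_at(6), verdict_when_http_rule_at(5), verdicts_with_custom_chain())
```

Placed at position 6, behind the catch-all, the port 80 rule is never reached; at position 5 it takes effect. In the custom-chain case the port 8080 packet falls off the end of WEB and is then dropped by the next rule in INPUT.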